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(54) System for preventing an illegal copy of digital contents 



(57) In order to prevent an illegalcopy of an encoded 
digital content downloaded by users for reproduction, all 
systems connected to the users generate a plurality of 
keys which are mutually shared, and download and up- 
load the digital content by using channels formed be- 
tween units performing mutual communication 

A unit for supplying the digital content receives an 
authorization of legally supplying the digital content from 
an authorization recognition unit. A first content output 
unit (40) is authenticated form a digital content supplying 
unit (30). At this time, the digital content supplying unit 
(30) and the first content output unit (40) form a sharing 
key to form a channel between the two. A second con- 
tent output unit (50) is authenticated from the digital con- 
tent supply unit (30) through the first content output unit 
(40), the first content output unit (40) and the second 
content output unit (50) form a channel to the channel 
key. The digital content between the first content output 
unit (40) and the second output unit (50) is downloaded 
and uploaded according to respective control state data 
of the first content output unit (40) and the second output 
unit (50). Accordingly, the digital content transmitted be- 
tween the digital content supply unit (30), the first con- 
tent output unit (40), and the second content output unit 
(50) can be prevented from an illegal copy. 
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Description 

[0001] The present invention relates to a system tor 
preventing an illegal copy of digital contents, and more 
particularly to a system for preventing an illegal copy of 
digital contents which forms secret channels between 
all the systems connected to users and exchanges con- 
tents through the formed secret channels in order to 
safeguard digital contents from illegal copying. 
[0002] In recent years, the communications environ- 
ment has rapidly been developed when considering that 
a lot of data is provided through the internet, a tot of ter- 
minal units are provided to which data can be easily 
downloaded from the internet through internet hookup, 
and the like. 

[0003] Therefore, peop le obtain a wide variety of data 
by using such a communications environment. That is, 
individuals have internet appliances having communi- 
cation equipments and download various data from the 
internet by using the internet appliances. 
[0004] The term internet appliance is intended to cov- 
er equipment such as a PC phone, a PDA, a Web 
Phone, a Mobile Phone, and the like, which are herein- 
after referred to herein as first content output units in. 
[0005] Because of the expansion in the communica- 
tions environment, there are now many digital content 
suppliers who are willing and able to provide much more 
digital data to such first content output units than previ- 
ously, and those digital contents suppliers provide users 
with digital contents to such first content output unit, by 
compressing the contents according to MP3, AAC, G2 
methods. 

[0006] Digital contents which are used in the present 
invention mean all data including audio, video data, as 
well as character data such as song words, movie cap- 
tions, and the like to be provided through the internet. 
[0007] In particular, the MP3 which is the audio data 
of the above digital contents is downloaded to the first 
content output unit as well as the second content output 
unit such as an MP3 player and then reproduced. 
[0008] In the meantime, the MP3 is downloaded to a 
content storage unit such as a smartmedia card built in 
the first content output unit, and the MP3 downloaded 
in the content storage unit is reproduced through the 
second content output unit. 

[0009] However, as stated above, there is a drawback 
in that digital data downloaded «to the first and second 
content output units and the content storage unit is eas- 
ily copied to be illegally distributed. 
[001 0] With a view to solve or reduce the above prob- 
lem, it is an aim of embodiments of the present invention 
to provide a system for preventing an illegal copy of dig- 
ital contents for preventing the illegal copying and dis- 
tribution of digital content downloaded by forming a se- 
cret channel between all the system mutually connected 
as users download and reproduce the digital content. 
[0011] According to an aspect of the present inven- 
tion, there is included an authorization recognition unit 



for generating a first authentication qualification key and 
a first authentication qualification key data in response 
to a second, externally input, registration request signal, 
a content supply unit for transmitting the second regis- 

s tration request signal to the authorization recognition 
unit, storing a first authentication qualification key and 
the first authentication qualification key data inputted 
from the authorization recognition unit, and generating 
a second authentication qualification key and a second 

10 authentication qualification key data, and a first content 
output unit for outputting the third registration request 
signal to the content supply unit, and storing the second 
authentication qualification key and the second authen- 
tication qualification key data inputted from the content 

is supply unit. 

[0012] Preferably, the authorization recognition 
means forms a first channel key capable of sharing with 
the content supply means in response to a first registra- 
tion request signal inputted from the content supply 

20 means, and outputs an encoded first authentication 
qualification key and an encoded first authentication 
qualification key data to the content supply means via a 
secret channel formed by the first channel key 
[0013] The content supply means may interpret and 

25 store the first authentication qualification key and the 
first authentication qualification key data input from the 
authorization recognition means via the secret channel 
by using the first channel key. 

[001 4] The content supply means may form a second 

30 channel key capable of sharing with the first content out- 
put means in response to the second registration re- 
quest signal input from the first content output means, 
and output a second authentication qualification key and 
an encoded authentication qualification key data to the 

35 first content output means through a secret channel 
formed by the second channel key 
[0015] Preferably, the first content output means in- 
terprets and stores the second authentication qualifica- 
tion key and the second authentication qualification key 

40 data inputted from the content supply means through 
the secret channel by using the second channel key. 
[001 6] According to a second aspect of the invention, 
there is provided a system for preventing an illegal copy 
of digital contents, comprising: authorization recognition 

45 means for generating a manufacturer key and a manu- 
facturer key data in response to an externally input first 
registration request signal, generating a first table and • 
a second table by using the manufacturer key and the 
manufacturer key data, and generating a first authenti- 

50 cation qualification key and a first authentication quali- 
fication key data in response to the second registration 
request signal inputted from external; record/reproduc- 
tion apparatus supply means for outputting the first reg- 
istration request signal to the authorization recognition 

55 means, and storing the manufacturer key and the man- 
ufacturer key data inputted from the authorization rec- 
ognition means; content supply means for outputting the 
second registration request signal to the authorization 
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recognition means, storing the first authentication qual- 
ification key, the first authentication qualification key da- 
ta, and the second table, and generating a second au- 
thentication qualification key and a second authentica- 
tion qualification key data in response to an externally s 
input third registration request signal; first content out- 
put means for outputting the third registration request 
signal to the content supply means, storing the second 
authentication qualification key and the second authen- 
tication qualification key data input from the content sup- 1 o 
ply means, outputting the externally input manufacturer 
key data to the content supply means, encoding and out- 
putting the manufacturer key detected from the second 
table in response to the manufacturer key data; and sec- 
ond content output means for storing the manufacturer is 
key and the manufacturer key data input from the au- 
thorization recognition means, outputting the manufac- 
turer key data to the content supply means through the 
first content output means, and comparing the manufac- 
turer key with the manufacturer key of the second table 20 
input from the first content output means in order to 
judge if the stored manufacturer key is authenticated. 
[0017] Preferably, the first table generated from the 
authorization recognition means contains the manufac- 
turer key data, the manufacturer key, and an identifier 25 
corresponding to the manufacturer key, and is stored 
only in the authorization recognition means. 
[0018] The second table generated from the authori- 
zation recognition means and output to the content sup- 
ply means has an identifier corresponding to the manu- 30 
facturer key data and the manufacturer key, data from 
encryption of the manufacturer key by using a token, 
and a token. 

[0019] A content storage means may be further in- 
cluded which is connected to the first content output 35 
means or the second content output means and stores 
data downloaded from the content supply means. 
[0020] Preferably, the authorization recognition 
means forms a first channel key capable of sharing with 
the content supply means in response to a first registra- *o 
tion request signal inputted from the content supply 
means, and outputs an encoded first authentication 
qualification key and an encoded first authentication 
qualification key data to the content supply means via a 
secret channel formed the first channel key. 45 
[0021] The content supply means preferably forms a 
second channel key capable of sharing with the first con- 
tent output means in response to the second registration 
request signal input from the first content output means, 
and outputs a second authentication qualification key 50 
and an encoded authentication qualification key data to 
the first content output means through a secret channel 
formed by the second channel key. 
[0022] Preferably, the first content output means in- 
terprets and stores the second authentication qualifica- ss 
tion key and the second authentication qualification key 
data inputted from the content supply means through 
the secret channel by using the second channel key. 



[0023] The token may be randomly generated by the 
authorization recognition means. 
[0024] The first content output means preerably forms 
a third channel capable of being shared with the second 
content output means, encodes the third channel key 
with a token inputted from the content supply means and 
transmits to the second content output means. 
[0025] The second content output means may extract 
a token from encoded manufacturer data from the first 
content output means by using the stored manufacturer, 
key in advance, interprets and stores the third channel 
key by using the token to form a secret channel with the 
first content output means. 

[0026] According to another aspect, there is provided 
a system for preventing an illegal copy of digital con- 
tents, comprising: content supply means for supplying 
an encoded digital content; first content output means 
including a database which has reproduction data of a 
digital content downloaded from the content supply 
means, encoding the database by using the third chan- 
nel key for storage, interpreting the reproduction data of 
the digital content inputted from external by using the 
third channel key to be compared with a reproduction 
data of the database, to thereby judge if an illegal copy 
of the digital content is performed; and second content 
output means for updating the reproduction data of the 
digital content stored in advance by interpreting the re- 
production data of the digital content input from the first 
content output means by using the third channel key, 
and transmitting the updated reproduction data of the 
digital content to the first content output means. 
[0027] The database may be separated with an iden- 
tifier data area of the digital content, an updated token 
data area, an data area for a present state of the digital 
content, and a reproduction control data area, and has 
the corresponding data. 

[0028] The data area for the present state of the digital 
content preferably include: data indicating that the dig- 
ital content is downloaded in a copy form from the first 
content output means to the second content output 
means; data indicating that the digital content is down- 
loaded in a transmission form from the first content out- 
put means to the second content output means; and da- 
ta indicating that the digital content is downloaded and 
uploaded between the first content output means and 
the second content output means. 
[0029] The reproduction control data area of the dig- 
ital content may include: data for reproduction times of 
the digital content; data for a reproduction expiration pe- 
riod of the digital content; and data for an amnesty pe- 
riod of the digital content. 

[0030] For a better understanding of the invention, 
and to show how embodiments of the same may be car- 
ried into effect, reference will now be made, by way of 
example, to the accompanying diagrammatic drawings 
in which: 

Figure 1 is a schematic view for explaining a system 
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for preventing an illegal copy of digital contents ac- 
cording to an embodiment of the present invention; 

Figures 2-5 are views for briefly explaining registra- 
tion requests or digital content reproductions of re- 
spective blocks of Figure t; 

Figure 6 is a view for showing an example of a file 
format which is supported by the embodiment of the 
present invention; 

Figure 7 is a block diagram for showing digital con- 
tent processes in a content storage unit of the em- 
bodiment of the present invention; 

Figure 8 is a view for showing an output source ca- 
pable of being additionally connected to the embod- 
iment of the present invention; and 

Figure 9 is a view for showing an input control block 
diagram for supporting the output source of Figure 
8. 

[0031] Hereinafter, an preferred embodiment of the 
present invention will be described in detail with refer- 
ence to the accompanying drawings. 
[0032] Figure 1 is a schematic view for explaining a 
system for preventing an illegal copy of digital contents 
according to an embodiment of the present invention, in 
which the structure is as follows. 
[0033] An authorization recognition unit 1 0 generates 
a manufacturer key and a manufacturer key data 12 in 
accordance with a first registration request signal 22 in- 
putted from a record/reproduction apparatus supply unit 
20, described later, and outputs a manufacturer key and 
a manufacturer key data 12 to the record/reproduction 
apparatus supply unit 20. Further, the authorization rec- 
ognition unit 1 0 uses the manufacturer key and a man- 
ufacturer key data 12,generates first and second 
tables , and generates a first authentication qualification 
key and a first authentication qualification key data 11 
in accordance with a second registration request signal 
31 inputted from a content supply unit 30. 
[0034] The first authentication qualification key and 
the first authentication qualification key data 11 mean a 
public key (PubKey^p), a public key datafCertc^Pub- 
Key lsp )), and a private key(PrvKey BP ) of the content 
supply unit 30 generated from the authorization recog- 
nition unit 10. 

[0035] Further, the first table, as shown in Figure 2, 
contains a manufacturer key data(Cert(MK PD )), the 
manufacturer key(MK PO ), and an identifier(ID MK ) cor- 
responding to the manufacturer key data and the man- 
ufacturer key, and is stored in only the authorization rec- 
ognition unit 10. Further, the second table is generated 
from the authorization recognition unit 10 and outputted 
to the content supply unit 30, and contains the identifier 
(ID MK ), datafENcirvlKpo, T)), and a tokenpT) which en- 



codes the manufacturer key by using the token. 
[0036] At this time, the authorization recognition unit 
1 0 forms a first channel key(k) which can be shared with 
the content supply unit 30 in accordance with the second 

5 registration request signal 31 inputted from the content 
supply unit 30, and outputs the first authentication qual- 
ification key and the first authentication qualification key 
data 1 1 which is encoded into the content supply unit 30 
through a secret channel formed by the first channel key 

io (k). 

[0037] The first channel key is a key generated from 
encryption of the authorization recognition unit 1 0 by us- 
ing data which the content supply unit 30 has. 
[0038] The record/reproduction apparatus supply unit 

is 20 outputs the first registration request signal 22 to the 
authorization recognition unit 10, stores and manufac- 
tures the manufacturer key and the manufacturer key 
data(MK PD , (Certc^MKpp); 12) inputted from the au- 
thorization recognition unit 10 to be recorded in internal 

20 memory of the second content output unit 50, described 
later, which is a record/reproduction apparatus. 
[0039] The content supply unit 30 outputs the second 
registration request signal 31 , stores the first authenti- 
cation qualification key, the first authentication qualifica- 

2S tion key data, and the second table 11 inputted from the 
authorization recognition unit 10, and generates a sec- 
ond authentication qualification key and authentication 
qualification key data 32 in response to a third registra- 
tion request signal 41 inputted from the first content out- 

30 put unit 40 described later. 

[0040] In the meantime, the content supply unit 30 in- 
terprets and stores the first authentication qualification 
key and the first authentication qualification key data 11 
inputted from the authorization recognition unit 10 

35 through the secret channel by using the first channel key 
k. 

[0041] At this time, the content supply unit 30 forms 
the second channel key k which can be shared with the 
first content output unit 40 in response to the second 

40 registration request signal 41 inputted from the first con- 
tent output unit 40, and transmits the second authenti- 
cation qualification key(PubKey tsp ) and the second au- 
thentication qualification key datafCertc^PubKey^p)) 
which are encoded as the first content output unit 40 

45 through the secret channel formed by the second chan- 
nel key(k). 

[0042] The fi rst content output un it 40 outputs the th ird 
registration request signal 41 to the content supply unit 
30, stores the second authentication qualification key 

so and the second authentication qualification key data 32 
inputted from the content supply unit 30, transmits a 
manufacturer key data inputted from the second content 
output unit 50, described later, to the content supply unit 
30, encodes and outputs the manufacturer key detected 

55 from the second table in response to the manufacturer 
key data. 

[0043] The second channel key(k) is a key generated 
through encryption of the content supply unit 30 by using 
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data which the first content output unit 40 has, and is 
shared by the content supply unit 30 and the first content 
output unit 40. 

[0044] Further, the first content output unit 40 stores 
a database encoded by the third channel key 
( ck pd-lcm)' wherein the database has a digital content 
reproduction data downloaded from the content supply 
unit 30, interprets by the third channel keyfCKpo.LOM) 
the digital content reproduction data inputted from the 
second content output unit 50, and compares the digital 
content reproduction data with the database production 
data, and judges whether the digital content has been 
illegally copied. 

[0045] Here, the database contains an identifier data 
area of the digital content, an updated token data area, 
a data area for a present state of the digital content, and 
a reproduction control data area. 
[0046] Further, the data area for a present state of the 
digital content has data informing if the digital content is 
downloaded from the first content output unit 40 to the 
second content output unit 50 in a copy form, data in- 
forming if the digital content is downloaded from the first 
content output unit 40 to the second content output unit 
50 in a transmission form, and data informing if the dig- 
ital content is downloaded or uploaded between the first 
content output unit and the second content output unit. 
[0047] Further, the reproduction control data area of 
the digital content has data for reproduction times of the 
digital content; and data for reproduction expiration pe- 
riod of the digital content, and data for amnesty period 
of the digital content. 

[0048] In the meantime, the first content output unit 
40 interprets and stores the second authentication qual- 
ification key and the second authentication qualification 
key data inputted from the content supply unit 30 
through the secret channel by using the second channel 
key(k). 

[0049] Lastly, the first content output unit 40 forms the 
third channel key(CK PD _ LCM ) which can be shared with 
the second content output unit 50, encodes the third 
channel key(CK PD . LCM ) inputted from the content sup- 
ply unit 30 into a token, and transmits the second output 
unit 50. 

[0050] At this time, the token T is randomly generated 
by the authorization recognition unit 10. 
[0051] The second content output unit 50 stores the 
manufacturer key (MKpo) and the manufacturer key data 
(CertQ^MKpQ)) inputted from the authorization recog- 
nition unit 10, transmits the manufacturer key data to the 
content supply unit 30 through the first content output 
unit 40, and compares the manufacturer key with the 
manufacturer key of the second table inputted from the 
first content output unit 40 for judging if the stored man- 
ufacturer key is authenticated. 

[0052] Further, the second content output unit 50 ex- 
tracts a token from the manufacturer key data encoded 
in the first content output unit 40 by using the stored 
manufacturer key, and interprets and stores the third 



channel keyfCKp^Lcu) by using the token to form a se- 
cret channel with the first content output unit 40. 
[0053] The content storage unit 60 is mounted to the 
first content output unit 40 or the second content output 
5 unit 50 and stores data which is downloaded from the 
content supply unit 30. 

[0054] In the meantime, the digital content recorded 
in the content storage unit 60 is reproduced through the 
first content output unit 40 or the second content output 
10 unit 50. 

[0055] The record/reproduction apparatus supply unit 
20 transmits the first registration request signal 22 to the 
authorization recognition unit 10, and receives the man- 
ufacturer key(MK PD ) and the manufacturer key data 
(Cert AC (MK PD )) generated by the first registration re- 
quest signal 22. 

[0056] The content supply unit 30 transmits the sec- 
ond registration request signal 31 to the authorization 
recognition unit 10, transmits the first authentication 

20 qualification key data 11 qualified for providing an en- 
coded digital content generated by the second registra- 
tion request signal, and receives the second table gen- 
erated from the authorization recognition unit 10. 
[0057] The first content output unit 40 transmits the 

25 second registration request signal 41 to the content sup- 
ply unit 30, and receives the second authentication qual- 
ification key(PubKey| S p) and the second authentication 
qualification key data(Cert CA (PubKey, SP )) and the pri- 
vate key(PrvKey LCM ) and the public key(PubKey LCM ) of 

30 the first content output unit 40 and the identifier(ID LCM ). 
[0058] Further, the first content output unit 40 inputs 
the manufacturer key data(Cert CA (MK PD )) from the sec- 
ond content output unit 50 and transmits the same to 
the content supply unit 30. Furthermore, the first content 

35 output unit 40 extracts and encodes only table data cor- 
responding to the manufacturer key data from the sec- 
ond table, and transmits the encoded table data to the 
second content output unit 50. 

[0059] Therefore, the second content output unit 50 
40 inputs and stores the manufacturer key(MK PD )and the 
manufacturer key datafCert^ (MK PD )) transmitted by 
the authorization recognition unit 10. Further, the sec- 
ond content output unit 50 transmits the manufacturer 
key data(Cert CA (MK PD )) to the content supply unit 30 
45 through the first content output unit 40, and the second 
content output unit 50 inputs and interprets the manu- 
facturer key data of the second table transmitted from 
the first content output unit 40 to store the internal mem- 
ory. 

50 [0060] Operations of the system for preventing an il- 
legal copy of a digital content according to an embodi- 
ment of the present invention structured as above will 
be described in detail with reference to the accompany- 
ing drawings. 

55 [0061] Figure 3 to Figure 5 are views for explaining 
key and key data flow for a case that respective blocks 
applied to Figure 1 request a registration or reproduce 
a digital content. 
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[0062] The accompanying drawings, Figure 3 to Fig- 
ure 5 are views for showing a concrete embodiment of 
the present invention, terms employed in the present in- 
vention are briefly explained as folbws. 
[0063] Firstly, the authorization recognition unit 1 0, as 
a certificate author ity(C A), enables the content supply 
unit 30 to provide a digital content, and enables the first 
content output unit 40 and the second content output 
unit 50 to receive the digital content, to thereby recog- 
nize an authorization. 

[0064] Secondly, the record/reproduction apparatus 
supply unit 20, as a manufacture(MA), manufactures the 
second content output unit 50 to be provided to users. 
[0065] Thirdly, the content supply unit 30, as an inter- 
net service provider(ISP), provides various data to users 
as well as a digital content, fourthly, the first content out- 
put unit 40, as a licensed SDMI compliant module, is a 
device which users can use like a general personal com- 
puter, the second content output unitSOisaunrt like an 
MP3 player, and the content storage unit 60 is a smart 
media card. 

[0066] Explaining the embodiment of the present in- 
vention from now on, first of all, the record/reproduction 
apparatus supply unit 20 transmits the first registration 
request signal 22 to the authorization recognition unit 
10 in order to download a digital content to a manufac- 
tured second content output unit 50 for reproduction. 
[0067] Then, the authorization recognition unit 10 
generates a manufacturer key(MKpo) and a manufac- 
turer key data (Cert^ (MKpo )), which the second con- 
tent output unit 50 can uniquely have, to be transmitted 
to the record/reproduction apparatus supply unit 20. 
[0068] Different manufacturer key(MKpo) and differ- 
ent manufacturer key data(Cert CA (MK PO )) are generat- 
ed from every second content output unit 50 which is 
registration-requested by the record/reproduction appa- 
ratus supply unit 20. 

[0069] Therefore, the record/reproduction apparatus 
supply unit 20 stores the manufacturer key(MKpo) and 
the manufacturer key data (Cert (MK pd )) recog- 
nized from the authorization recognition unit 1 0 in a tem- 
porary register area of the second content output unit 
50 without other users' notice. 

[0070] The authorization recognition unit 10 gener- 
ates the manufacturer key(MKpo) and the manufacturer 
key data(Certc A (MKp D )) as well as randomly generates 
a token at the same time which are provided to the 
record/reproduction apparatus supply unit 20 as stated 
above. 

[0071] That is, the authorization recognition unit 10 
has two tables. The first table is a table which the au- 
thorization recognition unit 10 has and which has the 
manufacturer keyfMKpo) and the manufacturer key data 
(CertQAfMKpo)) as stated above. 
[0072] Further, the second table is a manufacturer key 
data table which is transmitted to the content supply unit 
30 by the authorization recognition unit 10 and which 
has the identiflerODLjCM) of the second content output 



unit 50, the token encoded by the manufacturer key, and 
data for the token (refer to Figure 3). 
[0073] Therefore, the second content output unit 50, 
which is manufactured and supplied from the record/re- 
5 production apparatus supply unit 20. downloads and re- 
produces the digital content which is provided from the 
content supply unit 30. 

[0074] Further, the content supply unit 30, like the 
record/ reproduction apparatus supply unit 20, can pro- 
vide a digital content to the first content output unit 40, 
the second content output unit 50, and the content stor- 
age unit 60 due to an authorization recognition from the 
authorization recognition unit 10. 
[0075] As stated above, the content supply unit 30 
transmits the second registration request signal 31 to 
the authorization recognition unit 10 in order to recog- 
nize a digital content supply authorization. 
[0076] Therefore, the authorization recognition unit 
10, as shown in Figure 3, generates the first authenti- 
cation qualification key (PubKey ep ) and the first au- 
thentication qualification key datafCertc^PubKeyjsp)). 
[0077] That is, if the second registration request sig- 
nal 31 is inputted from the content supply unit 30, the 
authorization recognition unit 10 temporarily forms a 
plurality of keys (PrvKey^, PubKey eph ) in order to form 
a secret channel between the content supply unit 30. 
[0078] Further, the authorization recognition unit 10 
generates the private key(PrvKey ep ), the public key 
(PubKey^p) as the second authentication qualification 
key, and the second public key data as the second au- 
thentication qualification key data(Cert CA (PubKey lsP )) 
in order for the content supply unit 30 to perform an au- 
thorization. 

[0079] At this time, the second authentication qualifi- 
cation key and the second authentication qualification 
key data are encoded as the channel key(k) and provid- 
ed to the content supply unit 30 through the secret chan- 
nel formed between the authorization recognition unit 
1 0 and the content supply unit 20. Here, the secret chan- 
nel is formed by the channel key(k) which the authori- 
zation recognition unit 10 and the content supply unit 20 
are shared. 

[0080] In the meantime, since the secret channel is 
safely formed, illegal users can not download any data 
which is transmitted and received through the secret 
channel. 

[0081] Therefore, since the content supply unit 30 in- 
terprets and stores in a storage unit data which is trans- 
mitted from the authorization recognition unit 10, the dig- 
ital content can be downloaded to the first content output 
unit 40, the second content output unit 50, or the content 
storage unit 60. 

[0082] Further, the first content output unit 40 trans- 
mits the third registration request signal to the content 
supply unit 30 passing through the processes as stated 
above. Furthermore, the content supply unit 30 trans- 
mits the public key(PubKey ep ) and the public key data 
(Certc A (PubKey ep )) as the second authentication qual- 
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ification key and the second authentication qualification 
key data to the first content output unit 40, and the first 
content output unit 40 stores the public key(PubKey BP ) 
and the public key datafCertc^PubKeyis^). 
[0083] In the meantime, the channel key(k) is mutually 
shared between the content supply unit 30 and the first 
content output unit 40, and the first content output unit 
40 safely receives the digital content through the secret 
channel generated by the shared channel key(k). 
[0084] Further, the content supply unit 30 generates 
the private key(PrvKey LCM ) and the public key(PubKey. 
lcm) °f tne first content output unit 40 and identifier 
(I D Lcjy,), such generated data is encoded to the channel 
key(k) which is transmitted to the first content output unit 
40. Furthermore, the first content output unit 40 inter- 
prets and stores the transmitted data by using the chan- 
nel key(k). 

[0085] At this time, if the second content output unit 
50 is connected to the first content output unit 40, the 
first content output unit 40 generates and encodes by 
using the token a secret channel keyfCKpo^^) which 
is shared with the second content output unit 50 and 
which is transmitted to the second content output unit 
50. 

[0086] At this time, the token can be extracted from 
data which is read from the second table of the content 
supply unit 30 and encoded by the second authentica- 
tion qualification key(PubKey LCM ) and transmitted to the 
first content output unit 40. 

[0087] That is, a brief description for extracting the ro- 
ken(T) will be as follows. Since the encoded data which 
is transmitted to the first content output unit 40 is inter- 
preted by the second authentication qualification key 
(PubKey LCM ) which is stored in the first content output 
unit 40, the first content output unit 40 can obtain the 
token (T) and the token data(T*). 
[0088] The token data(T*) is a token(T) which is en- 
coded by the manufacturer key(MK PD ). 
[0089] Such interpreted token (T) from the first content 
output unit 40 is used in encoding the secret channel 
keyfCKpQ.Lcu), and the token data(T*) is transmitted to 
the second content output unit (50). 
[0090] At this time, the token data(T*) which is trans- 
mitted to the second content output unit 50 is interpreted 
by the manufacturer key(MK PD ) which is stored in the 
second content output unit 50, and the second content 
output unit 50 extracts the token (T). Further, the second 
content output unit 50 interprets the encoded channel 
key(k) which is transmitted from the first content output 
unit 40 by using the extracted token and stored in the 
internal memory. 

[0091] Therefore, the second content output unit 50 
stores the transmitted channel key(k) as well as en- 
codes the registered manufacturer key data to the sec- 
ond authentication qualification key(PubKey LCM ) of the 
first content output unit 40 which is transmitted to the 
content supply unit 30. 

[0092] In the meantime, the content supply unit 30 in- 



terprets data which is transmitted through the first con- 
tent output unit 40 and compares the interpreted man- 
ufacturer key data and data of the second table. If there 
is the corresponding data, the content supply unit 30 en- 
s codes the token(T) and the token data(T*) of the table 
contents into the second authentication qualification key 
(PubKeyLCM) and tnen transmits the second authenti- 
cation qualification keyfPubKeyLjCu) to the first content 
output unit 40. 

[0093] Therefore, the content supply unit 30 can 
download the digital content to the first content output 
unit 40 and the second content output unit 50, and the 
first content output unit 40 and the second content out- 
put unit 50 can reproduce the downloaded digital con- 
tent. 

[0094] As stated above, in order to prevent an illegal 
copy as the digital content which is downloaded from 
the content supply unit 30 according to the request of 
the first content output unit 40 is again downloaded to 
the second content output unit 50, the internet appliance 
40 has a database (RMS-DB; Right Management Sys- 
tem-Data Base) which can check a present state of the 
digital content together with the digital content (refer to 
Figure 5). 

[0095] The database contains an identifier data area 
of the digital content, an updated token data area, a data 
area for checking a present state of the digital content, 
and a reproduction control data area. 
[0096] Further, the database is stored in the first con- 
tent output unit 40 in an encoded form by the secret 
channel key(CK PD _ LCM ) which the first content output 
unit 40. 

[0097] The most important area in the database 
(RMS-DB) is the updated token area(UTD), and the up- 
dated token area(UTD) has different values when the 
updated token area(UTD) downloads a digital content 
from the first content output unit 40 to the second con- 
tent output unit 50, or uploads the digital content from 
the second content output unit 50 to the first content out- 
put unit 40. 

[0098] At this time, the updated token is transmitted 
to the first content output unit 40 through the second 
content output unit 50 to update the stored token in the 
first content output unit 40. 

[0099] That is, data registered in the database(RMS- 
DB) of the first content output unit 40 becomes different 
every time the first content output unit 40 reproduces, 
downloads, or updates a digital content downloaded into 
the first content output unit 40. Therefore, the first con- 
tent output unit 40 checks the registered data in the da- 
tabase if users legally use the digital content in the case 
that a request signal for reproduction, dowload, or up- 
load of the digital content is inputted by the users. 
[0100] Further, in the case that the digital content is 
downloaded or uploaded between the first content out- 
put unit 40 and the second output unit 50, an area is 
checked which has data for checking a present state of 
the digital content and which is the second area of the 
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database(RMS-DB). 

[0101] That is, since the first content output unit 40 
checks the third area, when the second content output 
unit 50 downloads a digital content downloaded from the 
first content output unit 40 to the second content output 
unit, the selection of a copy form or a transmission form 
can be read. 

[0102] Further, by checking check-in/check-out data 
included in the second area, the transmission state of 
the digital content can be read. That is, the check-in data 
means that a digital content is not downloaded from the 
first content output unit 40 to the second content output 
unit 50. 

[01 03] The check-out data means that the digital con- 
tent is a downloading state from the first content output 
unit 20 to the second content output unit 50, or that the 
downloaded digital content is again uploaded to the first 
content output unit 40. 

[0104] The last area of the database (RMS-DB) is a 
reproduction control data area and contains data for re- 
production times of a digital content, a reproduction ex- 
piration period of the digital content, and an amnesty 
period of the digital content. 

[0105] Here, the reproduction times of the digital con- 
tent is a value which is established when a digital con- 
tent is provided from the content supply unit 30 to the 
first content output unit 40 and which controls the repro- 
duction times by counting down one by one every time 
the digital content is downloaded. 
[0106] Further, the reproduction expiration period of 
the digital content does not mean the reproduction of 
the digital content and the control of the output state, 
but a period established by the content supply unit 30, 
and the digital content downloaded from the content 
supply unit 30 to the first content output unit 40 can be 
reproduced in the period as stated above. 
[01 07] Lastly, the amnesty period of the digital content 
enables the digital content downloaded from the content 
supply unit 30 to the first content output unit 40 to be 
reproduced irrespectively of the reproduction times of 
the digital contents or the expiration period. 
[0108] As stated above, if the content supply unit 30 
accepts a download request of a digital content of the 
first content output unit 40, the content supply unit 30 
firstly identifies the ID of the first content output unit 40, 
judges as the first content output unit 40 legally connect- 
ed to the content supply unit 30, and downloads a digital 
content having a file format embodied by the secret sys- 
tem to the first content output unit 40. 
[0109] The file format having a digital content trans- 
mitted to the first content output unit 40 from the content 
supply unit 30, as shown in Figure 6, contains a title ID 
field, a content discription field(CDF), algorithm identi- 
fying field(AIF), an indicator of source originator field 
(SOI), a copyright holder information field(CHI) indicat- 
ing a copy holder information, a right management field 
(RMF), a content encription key(CEK), and a digital con- 
tent field encoded to a content encryption key. 



[011 0] The content discription field has data such as 
a digital content composer, a singer, a record label or 
the like. 

[0111] The algorithm identifying field denotes an algo- 
s rithm employed in the secret system embodied in the 
present invention, and there are ECC, SNAKE, CODEC 
and the like in the algorithm. 

[0112] The SOI field has one of data of ISPJD denot- 
ing an identifier of a content supply unit 30 of the present 

io invention, LSPJD denoting an identifier of the first con- 
tent output unit 40, PDJD denoting an identifier of the 
second content output unit 50. 
[0113] Therefore, in the case that the f i rst content out- 
put unit 40 downloads and reproduces a digital content 

15 having the format as stated above, firstly an algorithm 
encoded from the AIF field is identified, and the authen- 
tication qualification of the first content output unit 40 is 
recovered by using the identified encryption algorithm. 
[0114] Further, the identifier which the first content 

20 output unit 40 has and the identifier in the SOI field of 
the file format are compared to check if there is corre- 
spondence between the two. In the case of correspond- 
ence, the copy control state from the RMF data, the re- 
production control state, and the transmission control 

25 state are identified to register them in the database 
(RMS-DB) which the first content output unit 40 has. 
[0115] After the above process is performed, a digital 
content encryption key is extracted by using a CEK field, 
and the encoded digital content is interpreted by using 

30 the encryption key. 

[0116] At this time, in the case that the first content 
output unit 40 does not violate any one of the above, the 
content supply unit 30 judges that the first content output 
unit 40 is legal, and downloads the digital content. 

35 [0117] In the case of changing the RMF field of the file 
formats, in particular the reproduction control state, the 
first content output unit 40 replaces the reproduction 
control state data in two places of the database(RMS- 
DB) and the file format with desired data. 

40 [0118] Further, as stated above, in the case that a dig- 
ital content downloaded from the first content output unit 
40 is again downloaded to the second content output 
unit 50, the folbwing processes are required. 
[0119] Firstly, the first content output unit 40 receives 

45 the UTD data which the second content output unit 50 
of the identifier of the second content output unit by a 
request to the second content output unit 50. 
[0120] Therefore, the second content output unit 50 
encodes the UTD into the third channel key(CK PD _ LCM ) 

50 shared with the first content output unit 40 and the third 
channel key(CKpo_ LCM ) is transmitted to the first content 
output unit 40 together with the identifier of the second 
content output unit. 

[0121] At this time, the first content output unit 40 
55 identifies data transmitted from the second content out- 
put unit 50 and extracts the identifier of the second con- 
tent output unit 50 and the UTD from the transmitted da- 
ta by using the channel keyfCKpo^M) shared with the 
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second content output unit 50, and compares the ex- 
tracted identifier of the second content output unit 50 
and the UTD with data registered in the database. 
[0122] If the UTD is unchanged and the RMF is 
changed, the first content output unit 40 updates the two 
places of the database and the file format to the changed 
RMF. 

[01 23] That is, the first content output unit 40 updates 
the database to a newly generated UTD, and the updat- 
ed UTD is encoded by the channel key (CK pq-lcm) and 
the encoded channel keytCKpQ.ixiyi) is transmitted to 
the second content output unit 50. 
[0124] In the meantime, the first content output unit 
40 transmits a digital content to the second content out- 
put unit 50, and data of an initial transmission control 
state field is Transfer*. As the digital content is transmit- 
ted to the second content output unit 50, data of the 
transmission control state field is changed to Trans- 
ferred*. 

[0125] As stated above, changed data of the trans- 
mission control state field is updated in the database 
(RMS-DB), and is not changed in the file format. At this 
time, the transmission control state field has three types 
of Transfer*, Transferred*, and Transfer-non*. 
[0126] Next, as a digital content is transmitted to the 
second content output unit 50 from the first content out- 
put unit 40, data for the copy control state field is initially 
set to the check-in in the database as well as in the file 
format, but after the digital content is transmitted, the 
data for the copy control state field is changed to the 
check-out both in the database and the file format. 
[01 27] If the data for the copy control state field is set 
to 'Copy-never*, users using the system of the present 
invention can not download the digital content of the first 
content output unit 40 to the second content output unit 
50. 

[0128] If the above processes are correctly per- 
formed, the digital content is downloaded to the second 
content output unit 50. 

[0129] Figure 7 is a view for preventing an illegal copy 
in downloading to the content storage unit 60 a digital 
content which the second content output unit 50 has. 
Firstly, the second content output unit 50 transmits to 
the content storage unit 60 an encoded digital content 
to be recorded in the content storage unit 60 and an en- 
coded reproduction data to reproduce the digital con- 
tent. 

[01 30] At this time, another encryption of data neces- 
sary to produce the encoded digital content is performed 
as follows. 

[01 31] That is, the second content output unit 50 con- 
tains a random number generation unit(RNG) for ran- 
domly generating a number, and a function process unit 
(F) for function-processing various inputs and generat- 
ing predetermined values which only the content stor- 
age unit 60 can have. 

[0132] At this time, values inputted to the function 
process unit(F) are a random number, a channel key, 



and a bad sector address and an inherent number which 
the content storage unit 60 inherently has. 
[01 33] Further, another encryption of an encoded dig- 
ital content reproduction data is performed by using 
s function values generated in the function process unit 
(F). 

[0134] A digital content referred to in the present in- 
vention is downloaded from the first content output unit 
40 to the second content output unit 50 and the content 
storage unit 60, or uploaded from the second content 
output unit 50 to the first content output unit 40. This is 
denoted by checking a field indicating transmission con- 
trol state data of file format data which is provided from 
the database and the content supply unit 30 which the 
first content output unit 40. 

[0135] If, as stated above, transfer* is indicated as a 
result that the first content output unit 40 checks the da- 
tabase and the transmission control state data field of 
the file format, the first content output unit 40 can down- 
load a digital content to the second content output unit 
50, if the digital content is downloaded from the first con- 
tent output unit 40 to the second content output unit 50, 
transfer 1 is changed to transferred 1 in the database and 
the transmission control state data field of the file format 
and the changed data is transmitted to the second con- 
tent output unit 50. 

[0136] Further, since the digital content downloaded 
to the second content output unit 50 is not in the first 
content output unit 40, in order to be again reproduced 
in the first content output unit 40, the digital content is 
again uploaded from the second content output unit 50 
to the first content output unit 40. 
[01 37] However, the digital content downloaded to the 
content storage unit 60 from the first content output unit 
40 can be reproduced in an arbitrary second content 
output unit 50. Further, the digital content downloaded 
to the content storage unit 60 is uploaded to another first 
content output unit 40 through the second content out- 
put unit 50. 

[0138] Furhter, various input devices are additionally 
connected to the first content output unit 40 and the sec- 
ond content output unit 50 applied to the present inven- 
tion, and such input devices are shown in detail in Figure 
8. 

[0139] That is, the input devices which can be addi- 
tionally connected to the first content output unit 40 and 
the second content output unit 50 can be CD such as 
RedBook CD, audio CD, super audio CD, DVD Disk, 
and analog input, and the like. 
[0140] The audio signal inputted through the input de- 
vices is inputted to the first content output unit 40, and 
encoded according to a system supported in the present 
invention, and then transmitted to the second content 
output unit 50, or transmitted to the content storage unit 
60 to be reproduced through the second output unit 50. 
[0141] in the meantime, Kiosk in Figure 8 is a unit of 
an intermediate property of the content supply unit 30 
and the first content output unit 40. The kiosk generates 
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a registration request signal for selling an encoded dig- 
ital content by the content supply unit 30 through a PC 
connected with an internet 

[0142] Therefore, the content supply unit 30 provides 
to the kiosk the storage medium having a digital content 
encoded by a system supported in the present invention 
according to the registration request signal, and the ki- 
osk receives fees from users and transmits a digital con- 
tent stored in the storage medium. 
[0143] Figure 9 is a view for explaining an input control 
of the output source of Figure 8. 
[0144] As shown in Figure 9, applied program inter- 
face(API) of the first content output un ^indicated as 
'Host' in Figure 9) checks if data inputted through the 
CD, EMD(content provided over internet), PM, DVD, 
and the like(hereinafter, referred to as 'input devices') 
can be reproduced in a system supported in the present 
invention. 

[01 45] Therefore, if the data can be reproduced in the 
system supported in the present invention, the API con- 
verts data inputted from the input devices to a format 
which can be reproduced in the system. 
[0146] In the meantime, as a method which data can 
be reproduced in the system supported in the present 
invention as stated above, first, in the case that the input 
devices are the super CD or DVD, data which checks if 
data recorded on the storage medium can be copied is 
in an area out of data area. The API detects the area 
and uses the data when converting a signal inputted to 
the first content output unit( , 40' in Figure 1 ) to a file for- 
mat supported in the present invention. 
[0147] Secondly, in the case that the input device is 
the EMD and data inputted through the EMD has an en- 
coded format, the API detects an encryption key and an 
encryption algorithm and uses the data when converting 
a signal inputted to the first content output unit 40 to a 
file format supported in the present invention. 
[0148] Thirdly, if the input device is a general analog 
input, the API encodes inputted data according to a sys- 
tem supported in the present invention. 
[01 49] I n the meantime, the API checks if an input de- 
vice and data inputted from the input devices are suita- 
ble for the system and transmits the following data to 
the import control layer. 

[01 50] First, data for the type of a storage medium, for 
example, data for a type of an input device such as audio 
CD, DVD and the like, second, data for an initial form of 
data inputted to the first content output unit 40 from an 
input device, for example, data for a title, a player, a 
singer and the like, third, data for an encryption key 
which is data for an encryption algorithm. 
[0151] At this time, the data is transmitted to the sec- 
ond content output unit 50 from the first content output 
unit 40 through the first interface part. Further, the data 
inputted from the third interface part of the second con- 
tent output unit 50 is inputted to the import control layer 
of the second content output unit to be restructured in a 
file format shown in Figure 6. 



[01 52] That is, the file format in Figure 6 formed in the 
import control layer of the second content output layer 
50 indicates data for a storage medium in the title-ID 
field, data for initial data inputted to an internet appliance 

5 from an input device for the CDF, data for an encryption 
algorithm outputted to the import control layer from the 
API of the first content output unit for the AIF, LCM-ID 
in the Device-ID field and SOI field, data for a copyright 
protection in the CHI field, and following data for the 

10 RMF. 

[0153] First of all, 'copy not available' is indicated for 
the copy control state, 'check-in/check-ouf is selectively 
indicated for the download/upload, 'reproduction 
times=no limit or predetermined times' is selectively in- 
15 dicated for the reproduction control state, and transmis- 
sion not available' is indicated for the reproduction con- 
trol state since the copy control state is 'copy not 
available' . 

[01 54] Next, CEK=k field which is a field indicating da- 
20 ta for an encryption key, if an inputted digital content is 
not encoded, randomly generates a key(k), and a digital 
content inputted from the first content output unit is en- 
coded by the key(k) and indicated in the last field(ENC 
(k, Content)). 

25 [0155] At this time, the first content output unit 40, if 
data inputted through an input device is encoded, judg- 
es what algorithm is used for encryption, and checks an 
encryption algorithm which the second content output 
unit 50 to transmit an encoded digital content has. 

30 [01 56] Accordingly, if two algorithms are not matched, 
the first content output unit 40 interprets an encoded dig- 
ital content and performs a trans-cypted process which 
again encodes the digital content with encryption/de- 
cryption algorithm which the second content output unit 

35 50 has. 

[0157] In the meantime, in the file format formed 
through the process, there is a secret header portion 
shown in Figure 6 from the Device-ID field to the field 
which indicates the encryption key. The secret header 
40 is encoded by the second authentication qualification 
keyfPubKeyLCj^) which the first content output unit 40 
has. 

[0158] In the meantime, the first interface part in the 
first content output unit 40 checks if the second content 

45 output unitf 50* in Figure 1 ) has an identifier and the third 
channel key(CK PO _ LCM ) and identifies if the qualification 
is an authenticated second content output unit 50. 
[0159] In the meantime, an analog input inputted to 
the second content output unit 50 is inputted to the im- 

50 port control layer of a PDFM(PD Functional Module) in 
the second content output unit 50, and the analog input 
is converted to a file format supported in the present in- 
vention by a process described later. 
[01 60] Here, the import control layer, if the analog in- 

55 put is received by frame unit, first encodes the frame, 
encodes the encoded frame by using a randomly gen- 
erated key, and if all frames are encoded, a file format 
as shown in Figure 6 is formed for preventing a copy for 
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an encoded analog input. 

[01 61 ] In order to prevent an illegal copy as shown in 
Figure 6, as in data indicated for RMR an encoded an- 
alog input has a detailed information. 
[0162] That is, 'copy not available' is indicated for the s 
copy control state, 'check-in/check-out* is selectively in- 
dicated for the download/upload, 'reproduction 
times=no limit or predetermined times' is selectively in- 
dicated for the reproduction control state, and transmis- 
sion not available' is indicated for the reproduction con- 10 
trol state. 

[0163] Further, data of the Device-ID field and the SOI 
field which are prepared before the RMF is indicated as 
*PD_ID\ 

[0164] The secret header portion generated via the is 
above process is encoded by the third channel key 
(CK PD _ LCM ) which the second content output unit 50 
has. 

[0165] At this time, the second content output unit 50 
transmits the encoded digital content to the content stor- 20 
age unit 60, since a digital content which is transmitted 
to the content storage unit 60 does not indicate the SOI 
field data as an identifier which the content storage unit 
60 has but as 'PD-ID' as stated above, the digital content 
can not be reproduced via arbitrary second output unit 25 
50. 

[0166] That is, a digital content recorded on the con- 
tent storage unit can be reproduced only in the second 
content output unit 50 which has the same identifier as 
•PD-ID' data of the SOI field contained in the content. 30 
[01 67] Accordingly, as stated above, in the present in- 
vention, entire system shares a channel key between 
units performing mutual communication, forms a safe 
channel, mutually transmits and receives a digital con- 
tent, and prevents illegal users from taking the digital & 
content on the way. Further, even though legal users le- 
gally downloads a digital content, since the second con- 
tent output unit has the above structure, illegal copy of 
a digital content between the second content output unit 
as well as the content storage unit is prevented. <*> 
[0168] As stated above, preferred embodiments of 
the present invention are shown and described. Al- 
though the preferred embodiments of the present inven- 
tion have been described, it is understood that the 
present invention should not be limited to these pre- 45 
ferred embodiments but various changes and modifica- 
tions can be made by one skilled in the art within the 
spirit and scope of the present invention as hereinafter 
claimed. 

[0169] The reader's attention is directed to all papers so 
and documents which are filed concurrently with or pre- 
vious to this specification in connection with this appli- 
cation and which are open to public inspection with this 
specification, and the contents of ail such papers and 
documents are incorporated herein by reference. 55 
[0170] All of the features disclosed in this specifica- 
tion (including any accompanying claims, abstract and 
drawings), and/or all of the steps of any method or proc- 



ess so disclosed, may be combined in any combination, 
except combinations where at least some of such fea- 
tures and/or steps are mutually exclusive. 
[0171] Each feature disclosed in this specification (in- 
cluding any accompanying claims, abstract and draw- 
ings), may be replaced by alternative features serving 
the same, equivalent or similar purpose, unless ex- 
pressly stated otherwise. Thus, unless expressly stated 
otherwise, each feature disclosed is one example only 
of a generic series of equivalent or similar features. 
[0172] The invention is not restricted to the details of 
the foregoing embodiment(s). The invention extend to 
any novel one, or any novel combination, of the features 
disclosed in this specification (including any accompa- 
nying claims, abstract and drawings), or to any novel 
one, or any novel combination, of the steps of any meth- 
od or process so disclosed. 



Claims 

1. A system for preventing an illegal copy of digital 
contents, comprising: 

authorization recognition means (1 0) for gener- 
ating a first authentication qualification key and 
a first authentication qualification key data in re- 
sponse to an externally input second registra- 
tion request signal; 

content supply means (30) for transmitting the 
second registration request signal to the au- 
thorization recognition means (10), storing a 
first authentication qualification key and the first 
authentication qualification key data input from 
the authorization recognition means (10), and 
generating a second authentication qualifica- 
tion key and a second authentication qualifica- 
tion key data; and 

first content output means (40) for outputting a 
third registration request signal to the content 
supply means (30), and storing the second au- 
thentication qualification key and the second 
authentication qualification key data input from 
the content supply means (30). 

2. The system as claimed in claim 1 , wherein the au- 
thorization recognition means (10) forms a first 
channel key capable of sharing with the content 
supply means (30) in response tc a first registration 
request signal inputted from the content supply 
means (30), and outputs an encoded first authenti- 
cation qualification key and an encoded first au- 
thentication qualification key data to the content 
supply means (30) via a secret channel formed by 
the first channel key. 
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3. The system as claimed in claim 2 or 3, wherein the 
content supply means (30) interprets and stores the 
first authentication qualification key and the first au- 
thentication qualification key data input from the au- 
thorization recognition means (10) via the secret 
channel by using the first channel key. 

4. The system as claimed in claim 1 , wherein the con- 
tent supply means (30) forms a second channel key 
capable of sharing with the first content output 
means (40) in response to the second registration 
request signal input from the first content output 
means (40), and outputs a second authentication 
qualification key and an encoded authentication 
qualification key data to the first content output 
means (30) through a secret channel formed by the 
second channel key. 

5. The system as claimed in claim 1 or 4, wherein the 
first content output means (40) interprets and stores 
the second authentication qualification key and the 
second authentication qualification key data input- 
ted from the content supply means (30) through the 
secret channel by using the second channel key. 

6. A system for preventing an illegal copy of digital 
contents, comprising: 



tent supply means (30), storing the second au- 
thentication qualification key and the second 
authentication qualification key data input from 
the content supply means (30), outputting the 
s externally input manufacturer key data to the 

content supply means (30), encoding and out- 
putting the manufacturer key detected from the 
second table in response to the manufacturer 
key data; and 

10 

second content output means (50) for storing 
the manufacturer key and the manufacturer key 
data input from the authorization recognition 
means (10), outputting the manufacturer key 

15 data to the content supply means through the 

first content output means (40), and comparing 
the manufacturer key with the manufacturer 
key of the second table input from the first con- 
tent output means (40) in order to judge if the 

20 stored manufacturer key is authenticated. 

7. The system as claimed in claim 6, wherein the first 
table generated from the authorization recognition 
means (10) contains the manufacturer key data, the 
25 manufacturer key, and an identifier corresponding 
to the manufacturer key, and is stored only in the 
authorization recognition means (10). 



authorization recognition means (10) for gener- 
ating a manufacturer key and a manufacturer 30 
key data in response to an externally input first 
registration request signal, generating a first ta- 
ble and a second table by using the manufac- 
turer key and the manufacturer key data, and 
generating a first authentication qualification 3S 
key and a first authentication qualification key 
data in response to the second registration re- 
quest signal inputted from external; 

record/reproduction apparatus supply means 40 
(30) for outputting the first registration request 
signal to the authorization recognition means 
(10), and storing the manufacturer key and the 
manufacturer key data inputted from the au- 
thorization recognition means (10); 45 

content supply means (30) for outputting the 
second registration request signal to the au- 
thorization recognition means (10), storing the 
first authentication qualification key, the first au- 50 
thentication qualification key data, and the sec- 
ond table, and generating a second authentica- 
tion qualification key and a second authentica- 
tion qualification key data in response to an ex- 
ternally input third registration request signal; 55 

first content output means (40) for outputting 
the third registration request signal to the con- 



8. The system claimed in claim 6 or 7, wherein the sec- 
ond table generated from the authorization recog- 
nition means (10) and output to the content supply 
means (30) has an identifier corresponding to the 
manufacturer key data and the manufacturer key, 
data from encryption of the manufacturer key by us- 
ing a token, and a token. 

9. The system claimed in claim 6, 7 or 8, wherein a 
content storage means (60) is further included 
which is connected to the first content output means 
(40) or the second content output means (50) and 
stores data downloaded from the content supply 
means (30). 

10. The system claimed in daim 6, 7, 8, or 9, wherein 
the authorization recognition means (10) forms a 
first channel key capable of sharing with the content 
supply means (30) in response to a first registration 
request signal inputted from the content supply 
means, and outputs an encoded first authentication 
qualification key and an encoded first authentica- 
tion qualification key data to the content supply 
means via a secret channel formed the first channel 
key. 

11 . The system claimed in any of claims 6 to 1 0, where- 
in the content supply means (30) forms a second 
channel key capable of sharing with the first content 
output means (40) in response to the second regis- 
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tration request signal input from the first content out- 
put means (40), and outputs a second authentica- 
tion qualification key and an encoded authentica- 
tion qualification key data to the first content output 
means (40) through a secret channel formed by the 5 
second channel key. 

1 2. The system claimed in any of claims 6 to 1 1 , wherein 
the first content output means (40) interprets and 
stores the second authentication qualification key 10 
and the second authentication qualification key da- 
ta inputted from the content supply means (30) 
through the secret channel by using the second 
channel key. 

75 

1 3. The system claimed in claim 7, wherein the token 
is randomly generated by the authorization recog- 
nition means (10). 



production data of the digital content to the first 
content output means. 

17. The system claimed in claim 16, wherein the data- 
base is separated with an identifier data area of the 
digital content, an updated token data area, an data 
area for a present state of the digital content, and a 
reproduction control data area, and has the corre- 
sponding data. 

18. The system claimed in claim 17, wherein the data 
area for the present state of the digital content in- 
cludes: 

data indicating that the digital content is down- 
loaded in a copy form from the first content out- 
put means (40) to the second content output 
means (50); 



14. The system claimed in claim 6, wherein the first con- 20 
tent output means (40) forms a third channel capa- 
ble of being shared with the second content output 
means (50), encodes the third channel key with a 
token inputted from the content supply means (30) 
and transmits to the second content output means 25 
(50). 

15. The system claimed in claim 6, wherein the second 
content output means (50) extracts a token from en- 
coded manufacturer data from the first content out- 30 
put means (40) by using the stored manufacturer 
key in advance, interprets and stores the third chan- 
nel key by using the token to form a secret channel 
with the first content output means (40). 

35 

16. A system for preventing an illegal copy of digital 
contents, comprising: 

content supply means (30) for supplying an en- 
coded digital content; 40 

first content output means (40) including a da- 
tabase which has reproduction data of a digital 
content downloaded from the content supply 
means (30), encoding the database by using *s 
the third channel key for storage, interpreting 
... the reproduction data of the digital content in- 
putted from external by using the third channel 
key to be compared with a reproduction data of 
the database, to thereby judge if an illegal copy so 
of the digital content is performed; and 



data indicating that the digital content is down- 
loaded in a transmission form from the first con- 
tent output means (40) to the second content 
output means (50); and 

data indicating that the digital content is down- 
loaded and uploaded between the first content 
output means (40) and the second content out- 
put means (50). 

19. The system claimed in claim 17, wherein the repro- 
duction control data area of the digital content in- 
cludes: 

data for reproduction times of the digital con- 
tent; 

data for a reproduction expiration period of the 
digital content; and 

data for an amnesty period of the digital con- 
tent. 



second content output means (50) for updating 
the reproduction data of the digital content 
stored in advance by interpreting the reproduc- ss 
tion data of the digital content input from the first 
content output means (40) by using the third 
channel key, and transmitting the updated re- 
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